systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 16 Activity Actions

Add IPv6 to proxmox internal network

Browse source
This commit is contained in:
Jake Howard 2024-04-20 18:00:08 +01:00
parent 7c8d224c4a
commit 7ff44ee238
Signed by: jake
GPG key ID: 57AFB45680EDD477
6 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ansible/group_vars/all/pve.yml
View file

@ -1,5 +1,6 @@
pve_hosts:
internal_cidr: 10.23.1.0/24
internal_cidr_ipv6: fde3:15e9:e883::1/48
pve:
ip: 10.23.1.1
external_ip: 192.168.2.200
@ -7,17 +8,19 @@ pve_hosts:
ip: 10.23.1.11
forrest:
ip: 10.23.1.13
ipv6: fde3:15e9:e883::103
jellyfin:
ip: 10.23.1.101
dokku:
ip: 10.23.1.102
docker:
ip: 10.23.1.103
ipv6: fde3:15e9:e883::203
ingress:
ip: 10.23.1.10
external_ip: 192.168.2.201
external_ipv6: "{{ vault_ingress_ipv6 }}"
link_local: fe80::d4e4:22ff:fe8b:429d
ipv6: fde3:15e9:e883::100
homeassistant:
ip: 192.168.2.203
qbittorrent:

2
ansible/roles/base/files/ssh-jail.conf
View file

@ -4,4 +4,4 @@ bantime = 600
findtime = 30
maxretry = 5
port = {{ ssh_port }},ssh
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ tailscale_cidr }}
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ tailscale_cidr }}

2
ansible/roles/forrest/tasks/main.yml
View file

@ -28,7 +28,7 @@
- add
- "{{ vps_hosts.private_ipv6_range }}"
- via
- "{{ pve_hosts.ingress.link_local }}"
- "{{ pve_hosts.ingress.ipv6 }}"
- dev
- eth0
become: true

4
ansible/roles/gateway/files/nginx-fail2ban-jail.conf
View file

@ -6,9 +6,9 @@ maxretry = 100
filter = nginx-tcp
logpath = /var/log/nginx/ips.log
port = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
[traefik]
enabled = true
port = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}

2
ansible/roles/traefik/files/fail2ban/traefik-jail.conf
View file

@ -6,5 +6,5 @@ maxretry = 5
filter = traefik
logpath = /tmp/traefik-logs/access.log
port = http,https
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
action = gateway

2
ansible/roles/traefik/files/file-provider-main.yml
View file

@ -15,6 +15,7 @@ http:
- "{{ tailscale_cidr }}"
- "{{ tailscale_cidr_ipv6 }}"
- "{{ pve_hosts.forrest.ip }}"
- "{{ pve_hosts.forrest.ipv6 }}"
private-access:
ipWhiteList:
@ -23,3 +24,4 @@ http:
- "{{ tailscale_cidr_ipv6 }}"
- "{{ nebula.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ pve_hosts.internal_cidr_ipv6 }}"